U.S. patent number 7,383,579 [Application Number 10/225,304] was granted by the patent office on 2008-06-03 for systems and methods for determining anti-virus protection status.
This patent grant is currently assigned to AT&T Delaware Intellectual Property, Inc. Invention is credited to M. Bernard Catanzano.
United States Patent 7,383,579
Catanzano
June 3, 2008
Systems and methods for determining anti-virus protection status
Abstract
A method to automatically determine a computer's current level
of anti-virus protection is described. When a client machine
submits a request, a request filter determines if the version of
the anti-virus protection software present on the user's computer
is sufficient to allow access to the requested destination. If the
version of anti-virus software on the client machine is not
sufficient, then the request filter directs the request to an
alternate location.
Inventors: Catanzano; M. Bernard (Hoover, AL)
Assignee: AT&T Delaware Intellectual Property, Inc. (Wilmington, DE)
Family ID: 39466649
Appl. No.: 10/225,304
Filed: August 21, 2002
Current U.S. Class: 726/24; 726/12; 726/13
Current CPC Class: G06F 21/51 (20130101); H04L 63/102 (20130101); H04L 63/1433 (20130101); G06F 2221/2119 (20130101)
Current International Class: G06F 11/00 (20060101); G06F 12/14 (20060101)
Field of Search: 726/12-13,24
References Cited
U.S. Patent Documents
Other References
Berners-Lee et al., RFC 1945, Hypertext Transfer Protocol, HTTP/1.0, May 1996. Cited by examiner.
SonicWALL, Inc., Virus Protection for Small to Medium Networks, 2001. Cited by examiner.
Lyman, Jay, In Search of the World's Costliest Computer Virus, http://www.newsfactor.com/perl/story/10407.html, Feb. 21, 2002. Cited by other.
Virus Costs Skyrocket, News Technology, http://www.cs.nmt.edu/~cs491_02/IA/viruscost.htm, Aug. 31, 2001. Cited by other.
Harley, David, "Living with Viruses," <http://www.sercuritymanagement.com/library/000900.html>, printed Jul. 2002. Cited by other.
Baylock, Richard, "Browser Detection," <http://hotwired.lycos.com/webmonkey/99/02/index2a_page2.html?fw=authoring>, printed Jul. 2002. Cited by other.
"Scaling Next Generation Web Infrastructure with Content-Intelligent Switching," http://a500.g.akamai.net/7/500/5107/20020608004602/www.nortelnetworks.com/products/library/collateral/intel_int/17_white_paper1.pdf. Cited by other.
"Product Overview," <http://www.microsoft.com/smserver/evaluation/overview/default.asp>, printed Jul. 2002. Cited by other.
"Features: What's new in SMS 2.0," <http://www.microsoft.com/smserver/evaluation/features/default.asp>, printed Jul. 2002. Cited by other.
Primary Examiner: Moazzami; Nasser
Assistant Examiner: Cervetti; David Garcia
Attorney, Agent or Firm: Merchant & Gould
Claims
That which is claimed:
1. A method for handling computerized requests comprising:
receiving a request to an external network from a computer
comprising a user agent string and a specified destination in the
external network, in a network component; extracting anti-virus
data from the user agent string; comparing the anti-virus data with
a standard, wherein the anti-virus data comprises an anti-virus
version date and wherein the user agent string has been modified by
the computer to include the anti-virus version date, wherein the
anti-virus version date has been converted by the computer to a
coordinated universal time-expressed version date value and wherein
the coordinated universal time-expressed version date value is at
the end of the user agent string; and directing the request based
on a result of the comparison; wherein directing the request based
on a result of the comparison comprises redirecting said request to
an alternate destination with respect to the specified destination
in the external network and the network component when the
anti-virus data does not meet the standard; and wherein the
alternate destination comprises a server in communication with the
network component over an internal network and wherein the server,
upon receiving the redirected request, performs at least one of the
following: severs a connection between the computer and the server
comprising the alternate destination, wherein the connection is
severed without informing the computer why the request was denied;
transmits an updated virus protection file to the computer; and
notifies a software provider that the updated virus protection file
should be sent to the computer.
2. The method of claim 1, wherein said request comprises a
hypertext transfer protocol request.
3. The method of claim 1, wherein said directing said request
comprises directing said request to an original destination of said
request when said anti-virus data meets said standard.
4. The method of claim 1, wherein said directing said request
comprises directing said request to an original destination of said
request when said anti-virus data exceeds said standard.
5. The method of claim 1, further comprising modifying said user
agent string to include said antivirus data.
6. The method of claim 1, further comprising automating system
updates to update one or more standards accessed for use in the
comparison.
7. The method of claim 1, further comprising: determining if said
user agent string and said standard are in comparable formats; and
converting said user agent string to a format which enables
comparison with said standard.
8. The method of claim 1, further comprising: determining if said
user agent string and said standard are in comparable formats; and
converting said standard to a format which enables comparison with
said user agent string.
9. The method of claim 1, wherein said standard is dependent upon
the resource being requested in said request.
10. A system for handling computerized requests comprising: a
computer network; a processor in communication with said computer
network; a request filter installed on said processor for comparing
anti-virus data in a request to an external network received from a
computer with a standard and directing said request based on said
comparison, wherein directing said request based on said comparison
comprises redirecting said request to an alternate destination with
respect to a destination in the external network specified in the
request and the request filter when the anti-virus data does not
meet the standard, and wherein the alternate destination comprises
a server in communication with the request filter over an internal
network and wherein the server, upon receiving the redirected
request, performs at least one of the following: sever a connection
between the computer and the server comprising the alternate
destination, transmit an updated virus protection file to the
computer, and notify a software provider that the updated virus
protection file should be sent to the computer, wherein the
connection is severed without informing the computer why the
request was denied.
11. The system of claim 10, wherein said processor comprises a
layer 7 switch.
12. The system of claim 9, wherein said processor comprises a
server.
13. The system of claim 9, further comprising: a client computer in
communication with said computer network; and a browser installed
on said client computer, wherein said browser is operable for
including antivirus data in a user agent string of a request.
14. A computer-readable medium on which is encoded computer program
code for handling computerized requests comprising: program code
for receiving a request to an external network from a computer
comprising a user agent string and a specified destination in the
external network, in a network component from a computer; program
code for extracting anti-virus data from said user agent string;
program code for comparing said anti-virus data with a standard;
and program code for directing said request based on a result of
said comparison, wherein directing the request based on a result of
the comparison comprises redirecting said request to an alternate
destination with respect to the specified destination and the
network component when the anti-virus data does not meet the
standard; and wherein the alternate destination comprises a server
in communication with the network component over an internal
network and wherein the server, upon receiving the redirected
request, performs at least one of the following: severs a
connection between the computer and the server comprising the
alternate destination, wherein the connection is severed without
informing the computer why the request was denied; transmits an
updated virus protection file to the computer; and notifies a
software provider that the updated virus protection file should be
sent to the computer.
15. The computer-readable medium of claim 14, wherein said request
comprises a hypertext transfer protocol request.
16. The computer-readable medium of claim 14, wherein said
anti-virus data comprises the antivirus version date.
17. The computer-readable medium of claim 16, wherein said
anti-virus version date comprises a coordinated universal
time-expressed version date.
18. The computer-readable medium of claim 14, wherein said program
code for directing said request comprises program code for
directing said request to an original destination of said request
when said anti-virus data meets said standard.
19. The computer-readable medium of claim 14, wherein said program
code for directing said request comprises program code for
directing said request to an original destination of said request
when said anti-virus data exceeds said standard.
20. The computer-readable medium of claim 14, wherein said program
code for directing said request comprises program code for
redirecting said request to an alternate destination when said
standard exceeds said anti-virus data.
21. The computer-readable medium of claim 14, further comprising
program code for modifying said user agent string to include said
anti-virus data.
Description
FIELD OF INVENTION
The present invention generally relates to handling requests in a
communications network. The present invention more particularly
relates to handling requests based on the level of anti-virus
protection present on the requesting computer.
BACKGROUND OF THE INVENTION
As the proliferation of the Internet increases, so too does the
ease with which individuals and commercial entities perform
electronic transactions. However, along with these positive
advances comes the threat from cyber hackers, terrorists, and other
elements that focus on attacking computer networks in general and
the Internet in particular. The continual attacks cause large
financial losses for commercial entities as well as a concomitant
loss of confidence among ordinary users. Hence, the need for and
the expectation of electronic security are now greater than
ever.
Unlike physical structures, which are vulnerable to physical
attacks, computer networks are vulnerable to both physical attack
and "virtual" attacks. Hackers execute these virtual attacks using
specially designed computer programs like viruses. Since computer
systems are accessible from anywhere on a network to which they are
attached, they can be harder to protect than a physical structure.
For example, a would-be hacker can attack a computer network from
computer systems located in foreign nations far removed from the
threat of United States or other law enforcement.
As the complexity and effectiveness of anti-virus and
anti-intrusion methods have increased, so has the creativity of the
hackers. Conventionally, a multitude of specially designed computer
programs exist that have the potential to damage computer systems
and the networks with which they communicate. For example,
conventional viruses exist that infect program files, infect the
boot sector of disk drives, execute under the guise of a macro,
operate as worms, Trojan Horses or mimetic viruses, or use some
other method to infect targeted systems. Each type of virus
functions in at least a somewhat different manner, making them
collectively harder to fight.
For example, a "classic" virus is a computer program that instructs
the computer to do something harmful. The classic virus can also
replicate itself and spread from one computer to another. A worm
can be an even more dangerous iteration of the classic virus. Many
conventional viruses spread across a network by attaching
themselves to legitimate messages or programs. A worm, however,
does not need to attach itself to a specific computer program.
Instead, a worm copies itself across computer systems and networks
without attaching to a host program. In contrast, the Trojan Horse
programs appear to do something desirable, but also perform a
harmful secondary function. A common example is a Trojan Horse
program that secretly steals passwords from an unsuspecting
user.
The need for better Internet security has never been greater. In
2000, viruses caused $17.1 billion in damages (Reuters, Aug. 31,
2001). Eradication of these programs can be very expensive. For
example, according to Computer Economics, the "Love Bug" virus cost
$8.75 billion to eradicate, the "Code Red" virus cost $2.62
billion, the "SirCam" virus cost $1.15 billion, and the "Nimda"
virus cost $635 million. The major costs of virus cleanup include
cleaning up infected machines, eradicating viruses, user downtime,
and associated losses in productivity.
According to Businessweek Online, there are more than 36,000 known
viruses and an average of 10-15 new viruses appear every day.
Therefore, Internet security issues will continue to affect the
financial health of commercial entities for the foreseeable future.
A need exists to eliminate or at the very least minimize the
effects of these conventional harmful computer programs.
Various conventional methods exist to control and eliminate
computer viruses and other harmful programs. For example,
anti-virus protection software can neutralize certain conventional
viruses. When a virus is present on a computer system, the
anti-virus software detects it. However, the effectiveness of the
anti-virus software depends on how up-to-date the installed version
of the software is on the computer system. One problem with these
programs is that they rely on individual users to download current
versions of the anti-virus software onto their systems. However,
individual users, whose primary job function is not computer and
network security and maintenance, tend not to actively update their
computers for anti-virus software. Therefore, relying on individual
users to update their anti-virus software is not an effective
method to combat viruses and other harmful programs. Furthermore,
if the virus software is outdated, a new virus that infects the
user's computer may escape detection. If the virus goes undetected,
when the user accesses an internal or external network server, the
user may very well infect the server as well as any computers
connected to a network to which the server is connected.
One conventional solution for the problem of maintaining effective
virus protection is to assign a system administrator for a computer
network to the task of monitoring anti-virus updates as they become
available from the vendor. When they become available, the system
administrator distributes the anti-virus software to individuals'
computers without the active participation of the individual. The
network administrator may utilize a centralized software management
system to perform these updates. The centralized software
management system distributes, updates and probes the computers on
a network and automatically installs updates as directed by the
system administrator. Examples of such management systems include,
but are not limited to, SIMPLE NETWORK MANAGEMENT TOOL, NOVELL IPX,
MICROSOFT SERVICE MANAGEMENT SYSTEM (SMS), HP OPEN VIEW, AND IBM
SYSTEM NETWORK ARCHITECTURE (SNA).
Typically, these software management systems inventory the current
software on each individual computer, allow distribution,
extraction and updating of software from a central location,
monitor the network for problems and provide other methods that
enable effective network management. Therefore, when using a
centralized software management system, a dedicated system
administrator would automatically update the computer to make sure
that the virus program was current. Thus, the need for each user at
each terminal to replicate this task is eliminated. Conventional
systems focus on performing virus checks using these centralized
software management systems to probe, monitor and update the
network. Therefore, centralized software management systems provide
one method of achieving network security. However, centralized software
management systems are often expensive to implement and still rely
on the system administrator to update the virus software.
U.S. Pat. No. 6,298,445 (the '445 patent) describes using a
centralized management software system. The '445 patent describes a
probe that monitors the system for security breaches and for
security vulnerabilities. According to the '445 patent, the
monitoring system assesses the operating systems of various
computers and monitors the network for security vulnerabilities.
Once the system administrator determines that enhancements are
necessary, a push system sends the software enhancements to each
system electronically.
However, not all computer networks have a network administrator who
constantly updates individual computers' virus software. As the
popularity and installed base of virtual private networks (VPN)
increase, so does the risk of having unmanaged computers connected
to the network. VPN systems are becoming increasingly popular
because they provide cost savings by replacing more costly
dedicated leased lines with secure connections across a public
network. Furthermore, VPN systems do not require permanent links
between sites, an advantage for users who need to travel.
Unfortunately, with this freedom comes risk. If a remote computer
becomes infected with a virus and accesses the VPN before receiving
anti-virus software updates, the remote computer may infect the
entire network.
A company may have other reasons for not utilizing a centralized
software management system for managing every computer. For
example, the cost of purchasing and implementing a centralized
software management system may be prohibitive. Alternatively, a
company may voluntarily choose not to link certain people's
computers to the network because of the fear of compromising
sensitive information present on certain computer systems.
Therefore, in the absence of a centralized software management
system, network security relies on individual users updating the
virus protection programs on individual computers. In the absence
of a diligent user performing these updates, harmful computer
programs have an opportunity to attack an entire network. Thus, a
solution is needed in which user security is maintained without the
need for implementing a centralized software management system.
Another conventional solution to protect networks involves
screening every data packet across the network for viruses and
other harmful programs. U.S. Pat. No. 6,219,786 (the '786 patent)
describes such a system. In the '786 patent, as data packets are
transmitted throughout the network, each packet is analyzed at
decision nodes distributed throughout the network. The decision
nodes confirm if the user has the necessary security clearance to
access/transmit that data across the network and check if the data
packet has any viruses. If a virus is located in a data packet, the
system alerts the user who is transmitting the virus. However, the
system disclosed in the '786 patent requires decision nodes to
screen every data packet transmitted across the network for
viruses. For large networks, checking every data packet in every
electronic transmission is impractical and cumbersome.
When a user accesses the Internet, the user is really accessing a
computer server that contains the website. In principle, when
accessing web pages or accessing a company server, the user is
performing the same function, the user is accessing a server that
contains the information the user wants. Users access servers or
websites by many means. A user can access a website by a dedicated
remote link or use an Internet browser and specify the address of
the web page. The web page address merely directs the data packet
to a computer server that contains the particular web page.
Therefore, when the user requests to go to a particular website,
the user is really specifying which file on a server the user
wishes to access.
None of the conventional approaches to anti-virus protection
provides a means of efficiently and effectively monitoring virus
compliance of users whose systems are not maintained by a system
administrator and without monitoring every data packet that is
transmitted across the network. Such a means is needed.
SUMMARY OF THE INVENTION
Embodiments of the present invention provide systems and methods
for handling requests, such as hypertext transfer protocol (HTTP)
requests, in a computer network based on anti-virus protection
information contained in the user agent string of the request. In
one embodiment, a request filter extracts the anti-virus protection
software version from the user agent string and, based on a
comparison with a standard, either directs the request to the
original destination or redirects the request to an alternate
destination. In an embodiment of the present invention, the
anti-virus protection version may be coded in any of a variety of
ways, including as a unique, random code, a text string, a
coordinated universal time (UTC) string, or some other code.
In an embodiment of the present invention, the user agent string
included in the request from a client computer includes the code
identifying the anti-virus version level. The client computer is in
communication with a network, which is also in communication with
the request filter. Requests from the client computer are routed
through the request filter rather than directed to the destination
specified in the request. Various methods may be utilized to modify
the string, including using a programmatic means to change the
string on the fly, changing a registry setting in Microsoft
Windows, changing an .ins file, and others.
The request filter in an embodiment of the present invention
includes a processor. For example, the request filter may be a
computer, a router with processing capabilities or a layer 7
switch. The request filter may also be integrated with another
network component such as a proxy server or firewall.
The client computer or device in an embodiment of the present
invention is capable of issuing a request, such as an HTTP request.
For example, in one embodiment, a personal computer includes a web
browser for issuing an HTTP request. The HTTP request includes a
user agent string, which includes a code identifying the anti-virus
protection software version.
Embodiments of the present invention provide numerous advantages
over conventional systems for monitoring anti-virus compliance of
individual users without the need for a system administrator.
Embodiments of the present invention provide anti-virus compliance
testing without requiring a dedicated system administrator who
monitors and maintains each computer within the network to ensure
anti-virus compliance. Embodiments of the present invention also
eliminate the requirement of examining every data packet
transmitted through the network for viruses. Eliminating the
requirement to screen every data packet increases the speed of the
network and overall data transmission rate and decreases the
resources necessary to effectively implement and monitor the
network.
Further details and advantages of the present invention are set
forth below.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features, aspects, and advantages of the present
invention are better understood when the following Detailed
Description is read with reference to the following drawings
wherein:
FIG. 1 is a block diagram illustrating an exemplary environment for
operation of an embodiment of the present invention;
FIG. 2 illustrates an exemplary HTTP request in an embodiment of
the present invention; and
FIG. 3 is a flow chart illustrating an exemplary method for
receiving and directing requests in an embodiment of the present
invention.
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention provide systems and methods
for handling requests in a computer network based on anti-virus
protection information contained in the user agent string of the
request. In one embodiment, a system according to the present
invention includes a computer network, a processor in communication
with the network, and a request filter installed on the processor.
The request filter compares the anti-virus data contained in the
user agent string of a request with a standard and then either
directs the request to the original destination or redirects the
request to an alternate destination based on the results of the
comparison. In various embodiments, the request filter may be a
switch, such as a layer-7 switch, or may be some type of server. A
server is a processor, which is not generally used as a client
computer and which is accessible by various client machines on a
network.
Referring now to the Figures in which like numerals indicate like
elements throughout the several Figures, FIG. 1 illustrates an
exemplary environment for operation of an embodiment of the present
invention. In the embodiment shown, an organization 102 includes a
client computer 104. The client computer 104 includes various
software components, such as an operating system, an Internet
browser, anti-virus software, an email client, and other components
necessary for a member of the organization 102 to perform
computerized functions. The client computer 104 may be, for
example, a personal computer, such as a desktop, notebook, palmtop
or hand-held computer, a mainframe computer, a mini computer, a
workstation, a web-enabled cell phone, or any other device capable
of executing the necessary software components. In the embodiment
shown, the client computer 104 is a personal computer.
The anti-virus software installed on the client computer 104 acts
to prevent the client computer 104 from downloading and/or
executing viruses and other potentially harmful programs when the
client computer 104 interacts with other client machines, servers,
computers, or software. For example, in one embodiment, the
anti-virus software periodically checks all of the system files
present on the client computer 104 for viruses or potentially
harmful programs that may have infected the system. Anti-virus tools may
also scan incoming data transmissions to client computer 104 to
prevent viruses and other programs from infecting the client
computer 104.
In the embodiment shown, the client computer 104 also includes a
suite of Internet tools, including a web browser. When a user
requests content using a web browser, the web browser creates a
request. For example, when a user requests a hypertext markup
language (HTML) page from a web server, the user enters a uniform
resource locator (URL) string in the browser's address line. The
browser uses the URL entered by the user to create a hypertext
transfer protocol (HTTP) request and sends the request across a
network. The request may include various bits of information. The
request includes a header. The header includes a variety of
information about the user and the request, including a user agent
string. The user agent string includes information about the user's
computing environment, including the type and version of the
browser software that the user is utilizing.
For example, the user agent string of NETSCAPE installed on
MICROSOFT WINDOWS 95 typically includes Mozilla/9.99 (WIN XX; I);
for MICROSOFT'S INTERNET EXPLORER, the string includes Mozilla/2.0
(compatible; MSIE 9.99; Update a; AOL 9.9; WINDOWS XX); and for
OPERA, the user agent string includes Mozilla/39.9 (compatible;
OPERA/9.9; WINDOWS XX/NTX). For Internet browsers other than
NETSCAPE NAVIGATOR, the identification field typically includes the
word "compatible" and an identifier of the specific Internet
browser: "MSIE" in the case of MICROSOFT'S INTERNET EXPLORER, and
"Opera" in the case of OPERA.
In the embodiment shown in FIG. 1, the client computer 104 also
includes a file or software that modifies the user agent string so
that the string includes anti-virus version information. For
example, in one embodiment of the present invention, client
computer 104 includes a PERL program operable for modifying the
user agent string when a request is made to include the date of the
currently installed anti-virus software in the user agent string of
the browser. The program converts the date to coordinated universal
time (UTC) or a portion of the UTC corresponding to the anti-virus
program update date and inserts the value at the end of the
then-existing user agent string. In another embodiment utilizing an
operating system such as one of the MICROSOFT WINDOWS family of
operating systems, the anti-virus version information is stored in
a registry setting, which the browser uses to construct the user
agent string. In yet another embodiment utilizing an operating
system such as MICROSOFT WINDOWS, the .ins file is modified and
executed. Various other methods exist for modifying the user agent
string and are well known by those skilled in the art. In
embodiments of the present invention, a multitude of anti-virus
data may be included in the user agent string, including, for
example, the date the anti-virus software was downloaded, the
version of anti-virus software currently installed, an identifier
of the anti-virus software developer or distributor or any other
information helpful in identifying the type and version of
anti-virus software installed and/or used on the client computer
104.
In the embodiment shown in FIG. 1, client computer 104 is in
communication with an internal network 106. The internal network
106 may be a wired or wireless network and may include Intranet
functionality. In the embodiment shown, the internal network 106 is
in communication with a firewall 108. The firewall 108 may include
any combination of hardware or software necessary to prevent
unauthorized access to the internal network 106 or to monitor the
flow of data to and from the internal network 106. The firewall 108
is in communication with an external network. In the embodiment
shown, the external network is the Internet 110. However, the
external network may be another intranet, or any other private,
public, or governmental computer network. The Internet includes a
plurality of computers and computer networking equipment. However,
for the sake of simplicity, FIG. 1 includes only a single external
web server 112. External web server 112 includes hardware and
software necessary to "serve" web pages in response to requests
received from the Internet 110.
In the embodiment shown, the organization also includes a request
filter 114 in communication with the internal network 106. The
request filter 114 serves as an intermediary for requests from
client computer 104 directed to external web server 112.
Although the request filter 114 serves as an intermediary, the
request filter 114 may exist in any location in which the request
filter can communicate with the client computer 104. For example,
in one embodiment, the organization's Internet service provider
(ISP) provides the request filter 114. In another embodiment, the
request filter 114 is software executing on external web server
112, filtering the requests to which the server 112 responds. In an
embodiment of the present invention, the term "server" means a
computer, computer platform, an adjunct to a computer or platform
or any component thereof.
In embodiments of the present invention, the request filter 114 may
include software, hardware, firmware, or some combination of these
components in order to filter requests. For example, in one
embodiment, request filter 114 is a content (layer 7) intelligent
switching device. In another embodiment, request filter 114 is a
router with processing capabilities. In yet another embodiment, the
request filter 114 software components integrate with proxy server
hardware and/or software.
In an embodiment of the present invention, the request filter 114
includes a software or firmware component for reading the user
agent string present in the header of a request. Specifically, the
software extracts text or a code from the user agent string that
identifies the version of anti-virus software installed on the
client computer 104 submitting a request. The request filter
software also includes routines for determining whether the version
of virus protection software meets or exceeds a standard level
necessary to gain access to the destination included in the
request. If the version of the anti-virus software meets or exceeds
the standard, the request is directed to the original destination,
for example, external web server 112. If the version does not meet
the standard, the request filter 114 directs the request to an
alternate destination, such as internal web server 116. A system
administrator or automated system updates the standard that the
request filter 114 accesses as necessary to ensure that the
standard or standards are appropriate for the various applications
and servers to be accessed. The standard may be stored as a file,
as an entry in a database, or in some other type of memory
accessible by the request filter.
The alternate destination, such as internal web server 116, may
also take one or more of the following additional steps: sever the
connection without informing client computer 104 why the request
was denied, transmit an updated virus protection file version to
the client computer 104, notify the anti-virus software provider
that the client computer 104 is in need of an update, or perform
some other step that results in updating the anti-virus software on
the client computer 104.
In an embodiment of the present invention, the client computer 104
submits an HTTP request, which is filtered by the request filter
114. Upon transmission, the HTTP request is a computer data signal
embodied in a digital data stream. HTTP messages include HTTP
requests from clients to servers and responses from servers to
clients. Each message includes headers. Request for Comments (RFC)
1945 defines the message format for an HTTP/1.0 message. An HTTP
request includes request header fields. The request header fields
include information about the client itself, including the user
agent.
FIG. 2 illustrates an exemplary HTTP request in an embodiment of
the present invention. The HTTP request 202 includes 11 fields. The
first field 204 specifies the type of request, "GET," the
destination of the request, "/ABCDE/index.html," and the version of
HTTP used, "1.0." The request 202 also includes a user-agent header
field 206. The field 206 includes a user agent string,
"Mozilla/4.72 [en], AntiV 1.0." The user agent string in the
embodiment shown includes the anti-virus software version as text
at the end of the user agent string, "AntiV 1.0." The request
filter 114 extracts this information from the user agent string in
order to direct the request or in order to control access to
particular information available via the internal 106 or external
110 networks.
FIG. 3 illustrates a method according to the present invention. The
method illustrated in FIG. 3 may be performed by utilizing a
computer-readable medium on which is encoded computer program code.
The computer-readable medium may include a memory, such as random
access memory, an electrically erasable programmable read-only
memory (EEPROM), a removable disk, or some other type of medium. In
the method shown, the request filter (114) receives an HTTP request
302. In order for the request filter (114) to receive the requests,
internal network (106) must forward all or a subset of all HTTP
requests to the request filter (114). Software or firmware
installed on the request filter (114) extracts the user agent
string from the HTTP request header 304. The software then extracts
the anti-virus version from the user agent string 306.
Embodiments of the present invention may utilize a variety of
methods for encoding and decoding the anti-virus version. For
example, in the embodiment shown in FIG. 2, the anti-virus version
in the user agent string (206) is encoded as a text value. In
another embodiment, the anti-virus version is encoded as a
Coordinated Universal Time (UTC) date string, for example the date
of the installed virus definitions. In yet another embodiment, the
anti-virus version is encoded as a unique, random number.
Referring again to FIG. 3, the software on the request filter (114)
next compares the anti-virus version to the standard 308. The
standard is the version of anti-virus protection necessary to allow
the request to proceed to the destination specified in the request.
The standard and the anti-virus version contained in the user agent
string may be in the same format or the request filter (114) may
convert one or both of the formats so that they may be compared. If
the anti-virus version meets or exceeds the standard 310, the
request filter (114) directs the request to the original
destination specified in the request 312. If not, the request
filter (114) directs the request to an alternate destination, such
as internal web server (116) 314.
The requirements of a particular server or application for a
specific anti-virus protection version may vary, depending on
factors such as whether the server is internal or external, whether
the data is highly confidential or not, and other factors. Because
the requirements may vary based on the server, one embodiment of
the present invention includes multiple standards which are related
to each server a user may access. In this manner, the anti-virus
protection necessary for the request filter (114) to direct the
request to the original destination can be varied based on the
types of data, the location of the server, and other relevant
factors.
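The following is an added example, not code from the patent or from
AT&T, that implements the method of FIG. 3 end to end: it parses an
HTTP/1.0 request in the form of FIG. 2 (step 302), extracts the user
agent string (step 304) and the anti-virus version from it (step
306), compares that version against a per-destination standard
(steps 308 and 310, using the multiple-standards embodiment described
above), and returns either the original destination (step 312) or the
alternate destination (step 314). Everything below the patent does
not specify is an assumption: the anti-virus token is taken to be the
last comma-separated element of the User-Agent value in the form
"<product> <version>"; versions may be dotted numerics or a UTC date
string and are only compared within the same encoding; the standards
table is keyed by the first path segment; the sample request,
standards and the internal server URL are constructed for the
example.

```python
"""Added example of the FIG. 3 request filter (not the patent's code)."""
import re
from datetime import datetime, timezone

# Constructed sample request modelled on FIG. 2 (not a captured message).
SAMPLE_REQUEST = (
    b"GET /ABCDE/index.html HTTP/1.0\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/4.72 [en], AntiV 1.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Hypothetical per-destination standards (one per server/application),
# keyed by first path segment; "*" is the default.  Values are
# (required product, required version).
STANDARDS = {
    "/ABCDE": ("AntiV", "1.0"),
    "/finance": ("AntiV", "2.3"),                  # confidential data
    "/defs": ("AntiV", "2002-08-01T00:00:00Z"),    # UTC-dated definitions
    "*": ("AntiV", "1.0"),
}
# Hypothetical alternate destination (the internal web server 116 role).
ALTERNATE_DESTINATION = "http://internal-web-server-116.example/update"


def parse_request(raw):
    """Step 302/304: split an HTTP/1.0 request into request line and headers.

    Header names are lower-cased; the body, if any, is ignored.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def extract_av_version(user_agent):
    """Step 306: return (product, version) from the trailing ', AntiV 1.0' token,
    or None when the user agent string carries no such token."""
    m = re.search(r",\s*([A-Za-z][\w-]*)\s+(\S+)\s*$", user_agent)
    if not m:
        return None
    return m.group(1), m.group(2)


def to_comparable(version):
    """Normalise a version string so two values of the same encoding compare.

    Dotted numerics become ("num", (1, 0)); UTC date strings become
    ("utc", datetime).  Unknown encodings yield None.
    """
    if re.fullmatch(r"\d+(\.\d+)*", version):
        return ("num", tuple(int(p) for p in version.split(".")))
    try:
        dt = datetime.strptime(version, "%Y-%m-%dT%H:%M:%SZ")
        return ("utc", dt.replace(tzinfo=timezone.utc))
    except ValueError:
        return None


def meets_standard(av, standard):
    """Steps 308/310: same product and installed version >= required version.

    A missing token, a different product, an unparseable version or a
    mismatch of encodings all fail closed (the request is redirected).
    """
    if av is None:
        return False
    product, version = av
    req_product, req_version = standard
    if product != req_product:
        return False
    have, need = to_comparable(version), to_comparable(req_version)
    if have is None or need is None or have[0] != need[0]:
        return False
    return have[1] >= need[1]


def route(raw):
    """Steps 312/314: destination the filter forwards the request to."""
    request_line, headers = parse_request(raw)
    _method, path, _version = request_line.split(" ", 2)
    first_segment = "/" + path.lstrip("/").split("/", 1)[0]
    standard = STANDARDS.get(first_segment, STANDARDS["*"])
    av = extract_av_version(headers.get("user-agent", ""))
    if meets_standard(av, standard):
        return path
    return ALTERNATE_DESTINATION


if __name__ == "__main__":
    print(route(SAMPLE_REQUEST))
```

Two design points are worth noting. Versions are compared as tuples of
integers rather than as text, so "2.10" correctly exceeds "2.3";
comparing the raw strings would invert that result. And because the
User-Agent header is composed by the client, the filter enforces a
policy, not a trust boundary: a client that can write its own header
can claim any version, so a deployment that needs assurance would pair
the check with something the client cannot forge.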
The foregoing description of the preferred embodiments of the
invention has been presented for the purpose of illustration and
description and is not intended to be exhaustive or to limit the
invention to the precise forms disclosed. Numerous modifications
and adaptations thereof will be apparent to those skilled in the
art without departing from the spirit and scope of the present
invention.
* * * * *